System and method for accessing a structure using directional antennas and a wireless token

ABSTRACT

A wireless device access system that employs directional antennas for short-range wireless communication to detect the proximity and orientation of a user device with respect to a structure is disclosed. The access system receives and authenticates an unlock request and confirms the proximity and orientation of the user device prior to transmitting an unlock command to the structure. This authentication may occur through the use of substantially opposing directional antennas separated by a ground plane. Additionally, the wireless device may require the proximity of a user token prior to operation and/or the access system may include an override within the structure blocking any unlock command.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 14/253,122, filed Apr. 15, 2014, now issued U.S. Pat. No. 9,007,173, which is a continuation-in-part of U.S. patent application Ser. No. 14/105,279, filed Dec. 13, 2013, which is a continuation of International Patent Application No. PCT/US2012/042683, filed Jun. 15, 2012 which claims the benefit of U.S. Provisional Application No. 61/498,169 filed Jun. 17, 2011, each of which is hereby incorporated by reference to the extent not inconsistent.

FIELD OF THE INVENTION

The present invention generally relates to an access system including a wireless token and a proximity and location verification device. More particularly, the present invention pertains to a three point access system which includes a wireless token which transmits a request for access which ultimately results in a door being unlocked.

SUMMARY

Disclosed is a wireless device access system which employs short-range wireless communication and one or more directional antennas to require the presence of a user device within a designated area proximate to an entry point of a structure prior to providing access to the structure. The access system includes a wireless node having a wireless transmission area proximate to or covering the entry point which authenticates a user device for a certain structure when the user device comes within range of the wireless node. In response to authenticating the user device, the wireless node sends a wake-up signal to an access device associated with the certain structure, such as a lock on an entry point. In response to the wake-up command, the access device will remain active for a predetermined but limited period of time so as to be available to communicate with a user device. Additionally, in some forms, the wake-up command may also issue a notification triggering an in-room system to prepare the room, such as by turning on the lights or other user specified actions. In a further form, the wake-up command may include a temporary security code for verifying an unlock command sent by a user device. When the user device comes within range of the recently activated access device, provided that the access device is still active, the user device will communicate its credential information to the access device for confirmation. In addition, the access device utilizes at least a pair of directional antennas to confirm that the requesting user device is within a designated area, such as a 2 foot semi-circular area outside of a door. Such a location confirmation ensures that access to a structure won't ever be improperly granted based upon a user device within the structure or within an adjacent structure. Upon confirming the authorization associated with the provided access code and confirming that the user device is within the designated area, the access device grants the user access to the structure by unlocking the entry. In a further form, the two directional antennas are separated by a ground plane to improve their relative performance.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagrammatic view of an access system according to one implementation of the present invention.

FIG. 2A-2B is a process flow diagram illustrating one set of steps performed in enabling a user to access a structure using the novel access system, including a wireless token.

FIG. 3 is a mock floor plan illustrating the coverage areas of the access node and the two door lock antennas in a typical multi-room hotel setting.

FIGS. 4A and 4B are plan views illustrating opposite sides of one form of a lock as arranged in a door according to one implementation of the present invention.

DETAILED DESCRIPTION

For the purposes of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the drawings and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended. Any alterations and further modifications in the described embodiments, and any further applications of the principles of the invention as described herein are contemplated as would normally occur to one skilled in the art to which the invention relates.

Currently, systems exist, such as the Signature RFID/NFC system from VingCard, which provide a user access to a hotel room using their mobile phone. Alternatively, other point-to-point systems exist which provide access to an office, lab, or other secured area using a wireless token, such as an RFID tag or card. However, such systems are limited in that the token is limited to a single identifier which leaves open a crucial security flaw which would allow for duplication of the token's responsive signal. Additionally, given the wireless range of these tokens, an undesirable situation may arise in which the token is within range of the lock or RFID reader when inside of the secured area. This presents the possibility that access may be granted to anyone seeking entry at that time.

As shown in FIG. 1, one embodiment of an access system 20 advantageously permits a user to access a structure 40 using a wireless token 24. In addition to lodging and workplace access systems, it will be appreciated that similar embodiments of the access system to be described also encompass systems for controlling access to other structures or openings/doors thereof. In particular, the access system 20 is particularly well suited to providing access to structures in which the authorized users frequently change, such as a hotel. As such, in the illustrated embodiment, according to FIG. 1, the described system comprises an access system 20 for allowing a hotel guest to access their assigned hotel room 40 using a wireless token 24, which in the preferred form, is an electronic device capable of short range wireless communication, such as a device implementing Bluetooth®, Zigbee®, or some other low-power wireless communication protocol/standard. It shall be understood that many of the descriptions herein are made with respect to a hotel environment and are meant for illustrative purposes and that the concepts herein are generally applicable to a general safety and security access system and are not limited to only a hotel room access system.

Examples of other structures for which the novel access system may be adapted include other rooms within a hotel (i.e. workout rooms, pools, VIP lounges), office buildings, school/university buildings, laboratories, warehouses, and portions thereof, event ticket gates/turnstiles, movie theatres, safety deposit boxes, mailboxes, lockers, or other enclosures for which providing selective user access is desired.

As shown in FIG. 1, according to the illustrative embodiment, the access system 20 includes one or more wireless tokens 24 which allow a user to access their assigned hotel room without a traditional key or card. Illustratively, in some embodiments, the access system 20 includes a data network 54. Data network 54 is preferably a private local area network (LAN) and may comprise the Internet, which is a TCP/IP based global network; however, the use of the term “Internet” herein shall be understood to refer to at least a portion of any public interconnected electronic network which interchanges data by packet-switching.

Access system 20 additionally comprises a mechanical lock 34 for locking and unlocking a structure 40 (partially shown). In the illustrated embodiment, a user gains access to the structure 40 via door 32. In the illustrative embodiment, mechanical lock 34 is a mechanical door lock, which includes a locking mechanism similar to a common entry or exterior lock, but is further capable of self-unlocking in response to an electronic signal, in addition to other functionality described herein. For purposes of non-limiting example, mechanical lock 34 may include a cam lock, rotary latch, electro-mechanical lock, magnetic lock, or the like. According to the preferred form, lock 34 unlocks in response to an electrical signal sent from a wireless token 24 and/or access node 50. In one form, the electrical signal is sent wirelessly, such as over a low-power RF connection, such as a Zigbee® connection. In a further preferred form, the lock 34 returns to a locked state following the passage of a predetermined time period or a user opening and closing the door following the receipt of an unlock signal. In some additional forms, lock 34 or door 40 may also include a mechanical key slot, key card, or other entry permitting authentication means 36 in addition to, or as backup for, that described herein with respect to lock 34. In addition, it shall be appreciated that system 20 may be applied to access restrictions other than locks including, for example, an elevator control system providing limited access, a garage door, or other access barriers, as described later.

Access system 20 also utilizes at least one access node 50 to interface with wireless token 24 and lock 34. Access node 50, as illustrated, is a wireless node implementing a common short-range wireless standard, such as Bluetooth® or ZigBee®, to those implemented by wireless token 24 and lock 34. Access node 50 is also connected to server 60 via firewall 52 and network 54.

In the illustrative form, access system 20 includes a plurality of access nodes, such as access node 50, where each node is strategically positioned near a specified structure (i.e. a hotel room). The access nodes are preferably always in an active mode so that wireless tokens 24 may be connected with them on demand in the event the wireless token 24 is authorized, such as by having an authorized MAC address or some other selected security mechanism. In a further form, the access nodes 50 are not in a discoverable mode and the pairing of the access nodes 50 with wireless token 24 occurs prior to the user's arrival programmatically. Illustratively, in some embodiments, access node 50 is operatively connected to server 60 to process and authenticate electronic unlock requests from wireless tokens 24. Firewall 52 includes at least a hardware or software implemented firewall or other selected security features to prevent external access to server 60 or access node 50.

The location information maintained by access node 50 is linked to the present/assigned location of the node and is used in processing any unlock request. For example, an access node on the fourth floor of a hotel in downtown Chicago may be assigned a unique hotel identifier coupled with a hotel zone identifier. Alternatively, the node may be assigned a single identifier which is then linked to its location by the wireless token 24 or server 60. For purposes of illustrating the hierarchical relationship between access nodes 50 and the structures which fall within their range, a mock floor plan is shown in FIG. 3. The mock floor plan illustrates a number of complete circles which denote the wireless range of a number of access nodes 50 for purposes of covering the entryway/hallway of a hotel floor and one or more doors.

According to the illustrated embodiment, server 60 operates in conjunction with access node 50 over internal network 54 to authenticate any wireless token 24 which comes within its range. In one form, when a wireless token 24 comes within range of an access node 50, the access node 50 receives information from the wireless token 24 and seeks to identify one or more structures within its coverage area to which the wireless token 24 is authorized to enter. The server 60 serves to authenticate the request or a portion thereof using a reservations and occupancy database, while in other forms, the access node 50 may perform at least a portion of the authentication. In the illustrative embodiment, server 60 processes each request corresponding to an authentication request received by access node 50 from wireless token 24, and upon proper authentication, confirms the authentication for one or more structures to access node 50 which then transmits an electronic signal to the corresponding lock(s), such as lock 34, notifying the lock to wake-up for a predetermined period of time in order to communicate with nearby authorized wireless token 24. In a further form, the access node 50 not only notifies lock 34 that it should wake-up, but also communicates information to lock 34 regarding which wireless token 24 it should be expecting.

While server 60 is described and illustrated as being a server, it should be understood that server 60 may be any computer, including a client server arrangement. Server 60 may interface with access node 50 by either a wireless or hardwired interconnection. Preferably, the connection is a secured connection. A non-limiting example list of potential interfaces includes IR, optical, RF, serial port, IP network, and USB. Additionally, the functions of server 60 and access node 50 may be integrated into one computer system.

Once access node 50 has authenticated wireless token 24 and woken-up a selected lock 34, the process proceeds to a second level authentication between the wireless token 24 and lock 34. In the illustrated embodiment, wireless token 24 connects to lock 34 and provides authorization information. In one form, the authorization information provided may be the same as the authorization information provided by wireless token 24 to access node 50, described above. Alternatively, in another form, the authorization information provided by wireless node 24 may be unlock information provided to wireless node 24 by access node 50 earlier in the process. Furthermore, in this form as well as others, upon receiving the authorization information from wireless token 24, lock 34 may communicate with access node 50 to confirm the authorization or wireless token 24. In the event the authorization information received by lock 34 is authorized, by whatever means selected, lock 34 determines that a legitimate unlock request is present.

Additionally, either prior to or simultaneous with, lock 34 assesses the location of wireless token 24 to determine whether it is within a designated area. For making this determination, lock 34 includes two directional antennas 38 and 39 which are operable to communicate with wireless token 24 over a low power wireless transmission protocol. As illustrated in FIG. 1 and FIGS. 4A-B, according to the illustrated form, lock 34 and antennas 38 and 39 are located within the mortise of door 32 or in a position proximate thereto. According to the described form, as shown in FIG. 4A, antenna 38 faces outward from door 32 and structure 40 while, as shown in FIG. 4B antenna 39 faces inward from door 32 and into structure 40. These antennas enable lock 34 to determine an approximate location of wireless token 24 with respect to door 32 (i.e. inside or outside of structure 40) based upon a received signal strength indication (RSSI) determined by each of directional antennas 38 and 39.

The directional antennas 38 and 39 are preferably patch antennas, which provide for a low-profile combined with low back-lobe radiation. The low profile makes installations within the cavity of a door or other desired location easier while the low back-lobe radiation enhances the difference in signal strength perceived by the two opposing antennas with respect to the same user device. It shall be appreciated that various sizes of directional antennas 38 and 39 may be used, such as 3.5″×3″ or 5.5″×4.5″, and that the directional antennas 38 and 39 shown are sized for ease of illustration.

In order to further enhance the difference in signal strengths perceived by directional antennas 38 and 39 with respect to the same user device, the system 20 includes a ground plane 35 which is arranged between directional antennas 38 and 39. Ground plane 35 may be a part of directional antennas 38 and/or 39 or separate therefrom. Ground plane 35 is preferably sized to be larger than directional antennas 38 and 39, and more preferably is sized to be at least twice the size of directional antennas 38 and 39. Ground plane 35 is also preferably made from a radio-frequency reflective material, such as metal or the like. In a further form, ground plane 35 may be replaced by two or more ground planes of the same or varying sizes and/or materials where desired.

In an alternate form, a number of omni-directional antennas implementing beamforming or spatial filtering signal processing may be used as directional antennas 38 and/or 39 as such processing provides for directional signal transmission and reception. As is known in the art, beamforming utilizes an array of omni-directional antennas which results in signals at particular angles experiencing constructive and destructive interference. By shifting the transmitters out of phase with one another, the cross-over points can be manipulated, resulting in a directional nature to the array of omni-directional antennas. In this form, the directional antennas 38 and/or 39 may be located in access node 50 as opposed to in lock 34, and function with more than one door 32, such as to provide inside/outside detection for its associated structure 40.

Using the information obtained from the directional antennas 38 and 39 concerning user device 24, lock 34 can confirm that the requesting user device 24 is within a designated area, such as a 2 foot semi-circular area on the outside of a door. The primary information derived from the directional antennas 38 and 39 is the signal strength received as well as the differential of the signal strength perceived between the two. Such a confirmation ensures that access to a structure won't ever be improperly granted based upon a user device within the structure. For example, the mock floor plan shown in FIG. 3 illustrates a number of desired areas as small half circles outside of hotel room doors, which are the effective coverage areas for the required signal strength to be detected by antenna 38 with respect to wireless token 24. It is only when a wireless token 24 is within these areas that their respective doors may be opened if authorized. Furthermore, a number of larger half circles in the interior of the hotel rooms show the field of coverage of antennas 39 which are used to detect when wireless token 24 is within the corresponding hotel room.

Only after the authentication information received from wireless token 24 is verified and the location of wireless token 24 has been determined to be in the designated area will lock 34 unlock to permit the user access to the structure.

In still other embodiments, lock 34 is operably coupled to an override switch (not shown) having an access disable state. Asserting the override switch prevents the access system 20 from permitting access to corresponding structure 40. As one non-limiting example, the override switch may be asserted when a guest engages a deadbolt or bar latch within their hotel room. In some embodiments of the access system 20, the override switch is incorporated into an electronic control, not shown here, accessible to the user within structure 40.

A flowchart illustrating one set of steps performed in configuring a wireless token 24 for use in accessing a structure 40 according to one embodiment of the present invention is shown in FIG. 2. The process involves a wireless token 24 and the various other components of access system 20. The following description is with continuing reference to access system 20 of FIG. 1. As shown in FIG. 1, the wireless token 24 may be a dedicated wireless token or another device, such as a mobile telephone, laptop, tablet, or other portable electronic device; however, it is understood that numerous other networked appliances are also intended.

It shall be appreciated that initial reservation, check-in, and configuration information must be populated within server 60 to enable the access methods described herein to be performed. For example, confirmation information stored by server 60 preferably identifies the hotel and the user and includes a check-in/check-out date along with details of the type of room requested/reserved. In the preferred form, this confirmation information is received by server 60 as a result of a hotel booking being made for a user either online, in person, or over the phone.

Upon checking into the hotel, or being authorized to access some other structure in other adaptations of the system 20, the wireless token 24 is automatically configured to pair with or otherwise connect to access nodes located near the structure 40. Additionally, the details of the assigned room or structure, including its number and location, are then stored by server 60 in association with wireless token 24. This ensures that access nodes 50 will properly identify the room wireless token 24 is assigned to access and be able to authenticate its request for access. It shall be appreciated that this process may be modified to accommodate more than one authorized hotel guest per room, such as having two wireless devices authorized to enter the same hotel room, or allowing a current guest to authorize the wireless device of another to access the hotel room for any portion of their remaining stay.

In continuing the description of the embodiment described with respect to FIG. 2, a flowchart illustrating one set of steps performed in allowing a user to access structure 40 using wireless token 24 and the various other components of access system 20 is shown. The following description is with continuing reference to access system 20 of FIG. 1.

As shown in FIG. 2, the process begins at start point 200 with the user along with the wireless token 24 arriving in a location within range of an access node 50. In step 202 or 204, a user device, such as either a mobile telephone or wireless token 24, is detected by the access node 50 respectively. Upon detecting the user device, the access node determines whether or not the user is authorized to enter one of the structure entrances that is proximate to access node 50 (step 206). If the user is not authorized, the process ends at point 208. If the user is authorized, the user device connects to the access node 50 (step 210). Next, in order to ensure that the user is on the proper floor, the access node 50 compares its perceived signal strength from the nearest access nodes of the floor above and below (if available) to ensure that its signal is the strongest (step 212). If the user is determined to be on another floor, the process proceeds to and ends at step 214. Alternatively, if the access node 50 determines that the user is on its associated floor, the process proceeds to step 216. In step 216 the access node 50 collaborates with server 60 to confirm the credentials provided by the user device. In the event the credentials are not confirmed, the process ends at step 218. If the credentials of the user device are confirmed, the process proceeds to step 220 where access node 50 sends a wake-up signal to the lock, such as lock 34, associated with the structure, such as structure 40, to which the user is authorized. Additionally, the access node 50 may detect the type of wireless standard the user device is capable of such that the proper wireless standard may be activated by the selected door lock 34 in step 220. The wake-up signal may also include an access code, such as a temporary alphanumeric code or the like, which must be matched by the user device in order to cause the lock to open.
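
The first stage described above (steps 206 through 220) can be sketched as follows. This is an added example, not code from the patent; the reservation records, node and token identifiers, the 30 second wake window, and the way steps 206 and 216 divide the checks between node and server are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import date

# Constructed data standing in for server 60's reservations and occupancy
# database and for the node's coverage map; all ids and rooms are made up.
RESERVATIONS = {
    "token-A1": {"room": "412", "check_in": date(2024, 5, 1), "check_out": date(2024, 5, 4)},
    "token-B2": {"room": "414", "check_in": date(2024, 4, 20), "check_out": date(2024, 4, 22)},
}
ROOMS_IN_RANGE = {"node-4F": {"410", "412", "414"}}
WAKE_WINDOW_S = 30.0  # assumed value for the "predetermined period of time"


@dataclass(frozen=True)
class WakeUp:
    """Wake-up message sent to the lock in step 220."""
    room: str
    expected_token: str   # which token the lock should expect
    access_code: str      # temporary code the token must later present
    expires_at: float     # the lock goes back to sleep after this time


def strongest_on_this_floor(own_rssi_dbm, neighbour_rssi_dbm):
    """Step 212: this node must hear the token more strongly than the nearest
    nodes on the floors above and below (None = no such node or no reading)."""
    heard = [r for r in neighbour_rssi_dbm.values() if r is not None]
    return all(own_rssi_dbm > r for r in heard)


def handle_token(node_id, token_id, own_rssi_dbm, neighbour_rssi_dbm, today, now):
    """Return (step, WakeUp or None), where step is the flowchart step reached."""
    booking = RESERVATIONS.get(token_id)
    # Step 206: is the token assigned to any door this node covers?
    if booking is None or booking["room"] not in ROOMS_IN_RANGE.get(node_id, set()):
        return 208, None
    # Step 212: reject tokens heard through the floor or ceiling.
    if not strongest_on_this_floor(own_rssi_dbm, neighbour_rssi_dbm):
        return 214, None
    # Step 216: server-side credential check, modelled here as "stay is current".
    if not (booking["check_in"] <= today <= booking["check_out"]):
        return 218, None
    # Step 220: wake the lock and hand it a fresh, unpredictable temporary code.
    code = secrets.token_hex(8)
    return 220, WakeUp(booking["room"], token_id, code, now + WAKE_WINDOW_S)
```

Every failure path returns without producing a wake-up message, so the lock stays asleep unless all three checks pass.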

The second stage of the process begins in step 226 where the user device connects to the now active lock 34. The dual antennas 38 and 39 of lock 34 detect an RSSI from the user device (step 228). In the preferred form, the central focus of the antennas 38 and 39 are directly opposite of one another and are separated by at least one ground plane. However, in an alternate form, the central focus of the antennas 38 and 39 may only be offset by at least 130 degrees. In yet another form, the central focus may differ by 150 degrees or more. In a still further form, the antennas are offset by approximately 180 degrees. If the user device is determined to be inside of the structure, such as by having a stronger signal strength via the internally facing antenna 39, the process proceeds through steps 232, and 234, whereby it is determined that the user is already in the room and the process ends subject to starting over. Alternatively, if the user device is determined to be outside of the structure, such as by having a stronger signal strength via the externally facing antenna 38 or a suitable ratio, and at least a certain signal strength to indicate the desired proximity to lock 34 (step 236), the process proceeds to authenticate the request by comparing the security code provided by the user device to the stored access code received from node 50 (step 238) until lock 34 either unlocks and provides the user with access to structure 40 (step 240) upon a successful authentication or the process ends at point 242.

In a further form, door lock 34 takes appropriate samples of RSSI relative to wireless token 24 on either side of the door, using antennas 38 and 39. For example, the samples may include several periodic RSSI readings which are then averaged or otherwise combined to reduce interference, noise, or the like from a single reading. Based upon these readings, lock 34 makes a determination of whether wireless token 24 is inside or outside of door 32. Additionally, the lock 34 may use the RSSI samples of antenna 38 to determine the distance wireless token 24 is from lock 34 for purposes of determining its presence within the defined proximity range outside of the door 32 as well. In a further form, the determination of whether a user device is inside or outside of a room requires that the RSSI detected by one directional antenna (such as 38) must be a predetermined amount or percentage greater than that of the opposing directional antenna (such as 39). Once measurement averages are conducted, the presence of the token/device is established, and it is determined that the user is in the proper unlock zone (range of outside proximity), the unlock of step 242 is granted.
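
The lock-side decision described in the preceding paragraphs (override switch, wake window, averaged RSSI from antennas 38 and 39, required differential, proximity threshold, then code comparison) can be expressed as one fail-closed function. This is an added example, not code from the patent; the threshold values, the minimum sample count and the verdict strings are assumptions, and the RSSI readings in the test are constructed.

```python
import hmac
from dataclasses import dataclass
from statistics import mean

# Assumed tuning values; the patent gives no numbers for these thresholds.
MIN_SAMPLES = 3                # readings per antenna before deciding
MIN_MARGIN_DB = 10.0           # outside antenna 38 must beat inside antenna 39 by this much
MIN_OUTSIDE_RSSI_DBM = -55.0   # stands in for the small unlock zone outside the door


@dataclass(frozen=True)
class LockState:
    """What lock 34 holds after a wake-up from access node 50."""
    expected_token: str
    access_code: str
    awake_until: float
    override_asserted: bool = False   # deadbolt or bar latch engaged from inside


def decide(state, token_id, presented_code, outside_dbm, inside_dbm, now):
    """Return 'unlock' or the reason the request was refused."""
    # The in-room override blocks every unlock, whatever else is true.
    if state.override_asserted:
        return "override"
    # Only the token named in the wake-up, and only inside the wake window.
    if now > state.awake_until or token_id != state.expected_token:
        return "not-expected"
    if len(outside_dbm) < MIN_SAMPLES or len(inside_dbm) < MIN_SAMPLES:
        return "insufficient-samples"
    # Average several readings so one noisy sample cannot flip the result.
    outside, inside = mean(outside_dbm), mean(inside_dbm)
    if inside >= outside:
        return "inside"            # token is already in the room
    # A difference in dB corresponds to a ratio of received powers.
    if outside - inside < MIN_MARGIN_DB:
        return "ambiguous"         # not clearly outside: refuse
    if outside < MIN_OUTSIDE_RSSI_DBM:
        return "too-far"           # outside, but not in the unlock zone
    # Constant-time comparison of the presented code with the stored one.
    if not hmac.compare_digest(presented_code.encode(), state.access_code.encode()):
        return "bad-code"
    return "unlock"
```

Location is checked before the code so that a token inside the room never reaches the comparison step, matching the order of steps 228 through 238.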

In yet another form, lock 34 may periodically transmit information to access node 50 for passing along to server 60 which indicates the user is still in the hotel room. This information may trigger the in-room temperature to be maintained, and upon detecting that the user is no longer in the room, the temperature may be raised to a user-specified or standard level or it may trigger the lights to be turned off, as described in U.S. patent application Ser. No. 10/126,486 to Sunyich entitled “Personalized Smart Room”, which is hereby incorporated by reference to the extent not inconsistent.

While the invention has been illustrated and described in detail in the drawings and foregoing description with respect to a hotel access system, the same is to be considered as illustrative and not restrictive in character, it being understood that only the preferred embodiment has been shown and described and that all equivalents, changes, and modifications that come within the spirit of the inventions as described herein and/or by the following claims are desired to be protected. By way of non-limiting example, the system described herein may be applied to other enclosed areas where selective access is desired, including, other structures such as offices, amusement parks, military bases, restricted areas, vehicles, homes, etc.

What is claimed is:
1. An access system allowing a user to access an enclosed area using a wireless user device, the access system comprising: a database storing access permissions identifying at least one wireless user device authorized to access said enclosed area; a mechanical locking device securing a point of entry to said enclosed area, said locking device operably connected to at least one short-range wireless receiver suitable for receiving an unlock request from said wireless user device and subsequently responding by granting access through said point of entry when said unlock request is authorized using said database, wherein said at least one short-range wireless receiver includes a first and second directional antenna which are mounted to said point of entry, are separated by at least one ground plane, and are oriented such that the centers of their fields of reception are offset by an angle of at least 130 degrees, and wherein said authorizing requires a comparison of the received signal strength indicator of said first directional antenna to that of said second directional antenna.
2. The access system according to claim 1, wherein said at least one short-range wireless radio is a Bluetooth radio.
3. The access system according to claim 1, wherein the centers of the fields of reception of said first and said second directional antennas are offset by an angle of at least 150 degrees.
4. The access system according to claim 1, wherein said at least one short-range wireless radio is an 802.11 radio.
5. The access system according to claim 1, wherein said enclosed area is a structure and said point of entry is a door.
6. The access system according to claim 5, wherein said mechanical locking device is located in the mortise of said door.
7. The access system according to claim 5, wherein at least one of said first and said second directional antennas is located in the mortise of said door.
8. The access system according to claim 5, wherein said structure is a hotel room.
9. The access system according to claim 1, wherein said wireless user device is a mobile telephone.
10. The access system according to claim 1, wherein said directional antennas are patch antennas.
11. A method for granting access to a secured area based on a wireless user device, the method comprising the steps of: maintaining an electronic database storing access permissions identifying at least one wireless user device authorized to access one or more secured areas; receiving a first access request for an identified secured area at an access node from a wireless user device, wherein a point of entry of said secured area is within the transmission range of said access node and said access node is in electronic communication with said database; authenticating at least a portion of said access request with said access node using said database; confirming the presence of said wireless user device within a predefined area adjacent to said point of entry using at least two directional antennas in electronic communication with said access node; wherein the centers of the fields of reception of said two directional antennas are offset by an angle of at least 130 degrees and said predefined area is less than the transmission range of said access node; generating an electronic indication to allow access to said secured area through point of entry when said access request is authorized and said wireless user device is within said defined area.
12. The access system according to claim 11, further comprising the steps of: determining a received signal strength indicator for said wireless user device for each of a first and second directional antenna positioned adjacent to said point of entry, wherein the centers of the fields of reception of said first and said second directional antennas are offset by an angle of at least 130 degrees; and wherein said confirming requires that the ratio of said first and said second received signal strength indicators indicates that said wireless user device is within said predetermined area.
13. The access system according to claim 12, wherein the centers of the fields of reception of said first and said second directional antennas are offset by an angle of at least 150 degrees.
14. The access system according to claim 11, wherein said enclosed area is a structure and said point of entry is a door.
15. The access system according to claim 14, wherein at least one of said first and said second directional antennas is located in the mortise of said door.
16. The access system according to claim 12, wherein said confirming utilizes at least four directional antennas.
17. A method for granting access to an enclosed area based on a wireless user device, the method comprising the steps of: establishing a short-range radio frequency pairing with a wireless user device using a wireless enabled access node within a door securing said enclosed area; wherein said access node includes a mechanical lock device; determining if said wireless user device is authorized to access said enclosed area based upon a security code received from said wireless user device; determining a received signal strength indicator for said wireless user device using each of a first and second directional antenna, wherein the centers of the fields of reception of said first and said second directional antennas are offset by an angle of at least 130 degrees; and unlocking said mechanical lock device to provide access to said enclosed area in the event said wireless user device is authorized and the ratio of said first and said second received signal strength indicators indicates that said wireless user device is outside of said enclosed area.
18. The method of claim 17, wherein said short-range radio frequency pairing utilizes UHF radio waves in the ISM band from 2.4 to 2.485 GHz.
19. The method of claim 17, wherein said short-range radio frequency pairing utilizes radio waves in the 915 MHz band.
20. The method of claim 17, wherein first and said second directional antennas are positioned on or within said door.
21. The method of claim 17, wherein the centers of the fields of reception of said first and said second directional antennas are offset by an angle of at least 150 degrees.
22. The method of claim 17, wherein said enclosed area is a structure and said point of entry is a door.
23. The method of claim 22, wherein said mechanical locking device is located in the mortise of said door.
24. The method of claim 23, wherein at least one of said first and said second directional antennas is located in the mortise of said door.
25. The method of claim 17, wherein said first and said second directional antennas are beamforming arrays.